How to create a strong risk register

Third Sector Promotion Markel

Do your stakeholders realise that regularly tracking risks could help secure finances, get them out of the crisis zone and meet future objectives with greater certainty?

Faced with the prospect of funding cuts and increased competition, charities often opt to focus on their short-term survival at the expense of meaningful risk management.

Once the legal requirements have been met, many organisations tend to forget about the process until the next annual audit or unforeseen issue arises.

Having a meaningful risk register will encourage you to dust off those well-intended plans and build them into your operations.

Risk registers make it easier for organisations to rank key risks and mitigate any that stand in the way of their objectives.

"It is vital that charities evaluate potential risk, make relevant people aware of the identified risks and the control measures that have been implemented," says Wendy Cotton, Markel’s Technical Line Manager – Social Welfare. "This ensures everyone is as safe as possible whilst delivering crucial services in the community."

So, how do you go about creating one that is meaningful and remains top of your stakeholders’ to-do lists?

The first step
Define your risk policy.

This involves deciding how much risk you are comfortable with shouldering for each of your charity’s objectives, and being clear about the risks you would not accept in any circumstances.

Charities with larger reserves are likely to have a greater tolerance for risk than those that are struggling with their finances.

This risk policy will help determine how suitable certain activities are for your organisation. For example, a charity working in a warzone will need to be in a strong enough financial position to shoulder the relatively high risks associated with these operations.  

The next stage
Identify the main risks.

Considering the risks associated with each of the following organisational objectives is a good way of moving these early discussions beyond the basic list-based approach:

  • Having the right impact and the intended outcomes for your beneficiaries
  • Managing finances to secure the financial sustainability of the organisation
  • Compliance with law and regulation
  • Protecting your reputation
  • Objectives that relate to the unique purpose of the charity.

Involving stakeholders across each of the key agendas in your charity should ensure that important risks do not get missed or marginalised.

Once the main risks have been agreed, it is recommended that potential outcomes are ranked in terms of their impact and likelihood of occurring.

Take it a step further
It can be useful to organise these events into a heat map where outcomes are colour graded according to their level of seriousness. These easy-to-read illustrations would highlight a catastrophic event with a high probability of occurring in red, while an insignificant risk with a remote chance of taking place would be green.

Now it’s time to decide how you would respond to each of the potential occurrences. The options include:

  • Stopping an activity to avoid the related risk
  • Transferring the risk to a third party such as a trading subsidiary
  • Sharing the risk with others, for example a joint venture
  • Limiting the charity’s exposure to risk through various hedging strategies
  • Tightening controls across key operations such as finance and human resources
  • Insuring against tangible risks including third party liability, fire, theft, and employers liability
  • Deciding that the likelihood or impact of a risk is low enough for no action to be taken

Following these steps should give you the basics of a risk register – the possible downsides your organisation faces which are ranked by impact and likelihood, and the actions to take if these events occur. But don’t stop there. Reaping the benefit of your new strategy requires regular reviews and clearly defined boundaries of responsibility.

It is vital that everyone involved with the risk management process knows what they should be monitoring, their response remit and who to contact if an issue becomes more serious. This can be communicated to stakeholders through a pre-defined hierarchy of responsibility with guidelines on the ownership of a particular risk at each level.

"External support can often be accessed free of charge to assist charities in this process, so they should seek out the opportunity to do this when possible," says Cotton.

The risk register should also be updated to take new risks into account and reflect changes linked to previously identified risks.

Instilling these processes will give your charity the flexibility to thrive in even the most uncertain times.

And with few charities currently having a risk register you will be better placed to show funders that you’re in it for the long term.

Content Labs

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in

Expert Articles: Risk Management

Advice on risk from Markel, a specialist insurance company working with charities, community groups, trustees, social enterprises and care providers.

7 steps to managing your safeguarding risk

Promotion from Markel

Safeguarding is an increasingly critical issue in the third sector with hefty fines for those that don't take it seriously. Here, Markel's care consultancy director, Jerry Oliver, offers seven top tips to putting a safeguarding plan in place

Winter is coming: Are you ready?

Promotion from Markel

With the onset of winter, the chances of severe disruptions to your business operations increase. But, if you have a contingency plan in place you can act swiftly to mitigate and minimise the risks

How to claim Gift Aid and who is eligible

Promotion from Markel

From small one-off cash contributions to a sizeable sum from a wealthy donor, the ability to claim back an additional 25% on donations through Gift Aid offers charities the chance to make philanthropy go further

How to prepare for the unexpected: the keys to if-and-when planning

Promotion from Markel

Having a robust business continuity plan is of critical importance - here's how to create one...

What is social value and why does it matter?

Promotion from Markel

The latest regulations mean that before launching the bidding process, commissioners must try to ensure that the services should secure greater benefits for the stakeholders and local area

What to do in the case of a breach: cyber fraud #2

Promotion from Markel

In the second part of our series, we look at how to respond to a breach.

How bad can cyber crime really get: cyber fraud #1

Promotion from Markel

In the first of a series, we investigate the risks to charities from having flawed cyber security - and why we need to up our game...

Managing cyber risk in the third sector

Promotion from Markel

Cyber risks should be high on the risk management agenda of third sector organisations as incidents hit the headlines and burden small organisations with increasing frequency.

Third Sector Logo

Get our bulletins. Read more articles. Join a growing community of Third Sector professionals

Register now